Consumers continue to seek out payment methods that facilitate fast, frictionless, convenient payments. Mobile and IoT payments fit the bill, but come with their own set of #security concerns. We outline the top concerns here.
The payments evolution continues with mobile and IoT payments taking off as the demand for convenience and utility increases among consumers. Mobile payments provides flexibility for consumers as well as additional engagement opportunities for merchants. IoT brings the added convenience of more personalized payments opportunities as well as the ability to complete unattended payments.
It seems like a win-win across the board; however, these new ways of payments face some measurable trade-offs. At the forefront of many consumers’ minds is the question: “Is the added convenience enough to allay data security and privacy concerns?” On the whole, it appears consumers are fairly willing to trade some privacy for additional convenience and personalization. That said, opt-ins from consumers do not abate the widespread and very real risk of data breaches through these emerging payment mechanisms. We look at the implications of both mobile and IoT payments and how to balance the risk and benefits of each.
There are a variety of ways to pay using a mobile phone, though the most prominent include near-field communication (NFC) payments and remote payments. The former — often referred to as contactless payments — happens when NFC-enabled phones communicate with NFC-enabled card machines via close-proximity radio frequency identification. The result is a fast, direct, and encrypted transfer of data to point-of-sale devices. In the UK, nearly seven in 10 people use contactless payments and roughly 10% of people have chosen to live a largely “cashless” life that relies on contactless payments. The US commitment to cashless pales in comparison, with just 3% of cards in force are contactless (compared to the UK’s roughly 64%).
On the other hand, remote payments in the US are in healthy shape, with 73.5% of consumers’ most recent mass merchant retail purchases being made remotely. With remote payments, consumers can make payments through a smartphone browser by entering card details on a website, or via a mobile app that has a payment card attached to it, or through numerous P2P apps. Many consumers enable smartphone browsers to store payment information, making payments faster and more convenient. In fact, 26.6% of consumers used stored payment information to make a mobile payment in Q1 of this year.
There are inherent risks in each of these uses, with fraudsters topping the list of concerns. According to the 2019 Thales Data Threat Report, the following data security concerns are the most prominent based on a survey of 1,200 executives that manage IT and data security:
That same survey showed that the best methods to combat these risks include using strong encryption (31% of respondents reported this), implementing multifactor authentication (MFA) (30% of respondents reported this), and strict password compliance (30% of respondents reported this).
IoT payments have largely removed friction from the process by removing the need for human intervention from the payments experience. Instead, consumers can leverage the connectivity of devices (whether a watch, a voice-activated assistant, or a car) to make purchases and authorize payments.
IoT is a rising star whose popularity cannot be denied. At least 40% of global households contain at least one IoT device and projected global spending on IoT is $1.2 trillion by 2022. It turns out, this technology is just as popular with fraudsters, who are hitting connected devices hard. Advertisers are expected to lose $42 billion to online, mobile, and in-app advertising fraud this year alone. Of course, technology to combat this type of fraud is advancing at a rapid pace; the online fraud prevention market is projected to have a CAGR of 20% from now through 2025.
These anti-fraud precautions are merited. The Thales survey reports that 6 data security concerns lead the way when it comes to IoT:
1. Attacks on IoT devices that may impact critical operations
2. Lack of security frameworks and controls within the IoT environment
3. Protecting sensitive data generated by an IoT device
4. Loss of theft of IoT devices
5. Privacy violations related to data generated by an IoT device
6. Lack of skilled personnel to implement IoT securely
To address these concerns, respondents rely on encryption/tokenization (42% of respondents), authentication/digital identification of IoT devices (41% of respondents), and anti-malware (40%).
While both mobile and IoT payments are paving the way for faster, more personalized, frictionless payments, they are not without security concerns. Smart fraudsters remain a step ahead in identifying and exploiting vulnerabilities within each of these modes of payment. While consumers are still working out their own internal comfort level with security concerns, merchants and financial institutions do not have room to avert or delay resources when it comes to data security. Added convenience and faster payments are strong benefits; however, protecting sensitive data must be a top concern when delivering these benefits to end-users.